CVE-2025-0095 — Packages Apps Settings vulnerability

2 documents2 sources

Severity

—N/A

No vector

EPSS

No EPSS data

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Platform Packages Apps Settings

Timeline

PublishedFeb 1

Description

In AppTimeSpentPresenter of AppTimeSpentPreference.kt, there is a possible way to hijack implicit intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Affected Packages1 packages

▶Androidplatform/packages_apps_settings15-next:0 — 15-next:2025-02-01+2

🔴Vulnerability Details

OSV

CVE-2025-0095: In AppTimeSpentPresenter of AppTimeSpentPreference↗2025-02-01

▶

📋Vendor Advisories

Android

CVE-2025-0095: Android Security Bulletin 2025-02-01 CVE: CVE-2025-0095 Severity: HIGH Type: EoP Affected AOSP versions: 14, 15 References: A-356117796↗2025-02-01

▶